Managing a Node using Chef

Updated: 03 September 2023

Overview

Chef typically comprises three different parts:

  1. A Workstation, which is the computer that cookbooks are authored and administered from (This can be your daily PC with any OS)
  2. A Chef Server, which is the central repository for cookbooks as well as information about the nodes they manage
  3. A Node, which is any computer that is managed by a Chef server and has Chef installed on it (This can be any instance of Ubuntu 14.04)

For this section we will need to have all of the above set up

Set Up Your Workstation

Download Chef

You will first need to download Chef for your workstation from here

Open Chef Workstation

On Windows, open the Chef Workstation PowerShell app (CW PowerShell); on Mac and Ubuntu, open a terminal as usual

Be sure to use CW PowerShell for the remainder of the steps carried out on Windows

Create a Working Directory

We’ll use our learn-chef directory that we set up earlier

Install Git

How do you not have this??

Verify SSH

If you need to connect to your Chef Server with SSH, verify that you have SSH installed by running ssh in your terminal. For Windows an SSH client is included with Git and Chef Workstation

Install Chef Server

Install and Configure

On the server, create a file /tmp/install-chef-server.sh with the following contents

#!/bin/bash
apt-get update
apt-get -y install curl

# create staging directories
if [ ! -d /drop ]; then
  mkdir /drop
fi
if [ ! -d /downloads ]; then
  mkdir /downloads
fi

# download the Chef server package
# (the file name checked here must match the name wget saves, including the "-1" revision)
if [ ! -f /downloads/chef-server-core_12.17.33-1_amd64.deb ]; then
  echo "Downloading the Chef server package..."
  wget -nv -P /downloads https://packages.chef.io/files/stable/chef-server/12.17.33/ubuntu/16.04/chef-server-core_12.17.33-1_amd64.deb
fi

# install Chef server
if ! command -v chef-server-ctl > /dev/null 2>&1; then
  echo "Installing Chef server..."
  dpkg -i /downloads/chef-server-core_12.17.33-1_amd64.deb
  chef-server-ctl reconfigure

  echo "Waiting for services..."
  until (curl -D - http://localhost:8000/_status) | grep "200 OK"; do sleep 15s; done
  while (curl http://localhost:8000/_status) | grep "fail"; do sleep 15s; done

  echo "Creating initial user and organization..."
  # user-create writes the chefadmin private key to /drop/chefadmin.pem;
  # "insecurepassword" is a literal password, so substitute your own
  chef-server-ctl user-create chefadmin Chef Admin admin@4thcoffee.com insecurepassword --filename /drop/chefadmin.pem
  chef-server-ctl org-create 4thcoffee "Fourth Coffee, Inc." --association_user chefadmin --filename 4thcoffee-validator.pem
fi

echo "Your Chef server is ready!"

Next, make the script executable with

sudo chmod u+x /tmp/install-chef-server.sh

And then run it

sudo /tmp/install-chef-server.sh

Configure Ports

Ensure that ports 22, 80, and 443 are exposed on the Chef Server - On VirtualBox I just used port forwarding to map these to my local 22, 80, and 443 ports

Configure the Workstation

knife is the command-line tool that provides the interface between your Workstation and the Chef Server. knife requires two files to authenticate with the Chef Server:

  1. An RSA Private Key - The Chef server holds the public part, the Workstation holds the private
  2. A knife config file, typically called knife.rb, which contains information like the Chef Server’s URL, the location of the RSA Private key, and the default cookbook location

Both of these are usually located in a .chef directory

knife provides a way for you to download the necessary files as a starter kit, but that resets all keys for all users in the account, hence we will do so manually by following the instructions here

Create an Organization

Do not do this now; the setup script has already configured this for us

We can create an organization with the chef-server-ctl org-create command, which has the following structure

chef-server-ctl org-create ORG_NAME ORG_FULL_NAME -f FILE_NAME

Create a User

Do not do this now; the setup script has already configured this for us

Similar to the process above, use chef-server-ctl user-create to create a user. This has the general structure of

chef-server-ctl user-create USER_NAME FIRST_NAME LAST_NAME EMAIL PASSWORD -f FILE_NAME

Move the .pem Files

Move the .pem files we just created to our chef-repo with the following command

cp /path/to/ORGANIZATION-validator.pem ~/chef-repo/.chef

Copy the Private Key to Workstation

Copy the chefadmin.pem file to your Workstation’s learn-chef/.chef directory

Create Knife Config File

Create a knife config file learn-chef/.chef/knife.rb and replace the chef_server_url with your Chef server’s FQDN

current_dir = File.dirname(__FILE__)
log_level :info
log_location STDOUT
node_name "chefadmin"
client_key "#{current_dir}/chefadmin.pem"
chef_server_url "http://localhost/organizations/4thcoffee"
cookbook_path ["#{current_dir}/../cookbooks"]
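
The two files knife authenticates with can be checked before running knife. The following is an added example, not part of the original page or of Chef: a POSIX shell function that flags a chef_server_url that is not https and private keys that other users can read. The function names, the finding labels and the demo directory are assumptions, and it expects a Unix-like workstation with sed and stat.

```shell
#!/bin/sh
# Added example: audit a .chef directory; one finding per line, returns 0 when clean.

# Value of a double-quoted setting in knife.rb, e.g. chef_server_url "..."
knife_setting() {
  sed -n "s/^[[:space:]]*$1[[:space:]][[:space:]]*\"\([^\"]*\)\".*/\1/p" "$2" | head -n 1
}

# Octal permission bits of a file (GNU stat first, then BSD/macOS stat).
file_mode() { stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"; }

audit_chef_dir() (
  dir=$1; cfg=$dir/knife.rb; rc=0
  [ -f "$cfg" ] || { echo "MISSING $cfg"; exit 1; }
  # Signed API requests should travel over TLS, not plain HTTP.
  url=$(knife_setting chef_server_url "$cfg")
  case $url in
    https://*) ;;
    *) echo "URL chef_server_url is '$url', expected https://"; rc=1 ;;
  esac
  # Resolve the #{current_dir} interpolation that knife.rb uses for client_key.
  key=$(knife_setting client_key "$cfg")
  case $key in '#{current_dir}'/*) key=$dir/${key#*/} ;; esac
  [ -f "$key" ] || { echo "KEY client_key '$key' not found"; rc=1; }
  # Private keys should be readable by their owner only.
  for pem in "$dir"/*.pem; do
    [ -f "$pem" ] || continue
    mode=$(file_mode "$pem")
    case $mode in
      600|400) ;;
      *) echo "PERM $pem is mode $mode, expected 600"; rc=1 ;;
    esac
  done
  exit "$rc"
)

# Constructed sample mirroring the knife.rb on this page, with a loose key mode.
make_sample() {
  printf '%s\n' 'current_dir = File.dirname(__FILE__)' \
    'client_key "#{current_dir}/chefadmin.pem"' \
    'chef_server_url "http://localhost/organizations/4thcoffee"' > "$1/knife.rb"
  : > "$1/chefadmin.pem"; chmod 644 "$1/chefadmin.pem"
}

demo=$(mktemp -d); make_sample "$demo"
audit_chef_dir "$demo" || echo "fix the findings above, then re-run"
rm -rf "$demo"
```

Run it against your own directory with audit_chef_dir learn-chef/.chef; on Windows the permission check does not apply.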

Verify the Setup

From the learn-chef directory, with CW PowerShell (or bash on another OS), run the following commands

knife ssl fetch
knife ssl check